[Secure-testing-commits] r11185 - data/CVE

[jmm-guest at alioth.debian.org]

Author: jmm-guest
Date: 2009-02-10 23:08:25 +0000 (Tue, 10 Feb 2009)
New Revision: 11185

Modified:
   data/CVE/list
Log:
one bugzilla issue CVEfied (but there are more)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-02-10 23:02:08 UTC (rev 11184)
+++ data/CVE/list	2009-02-10 23:08:25 UTC (rev 11185)
@@ -27,9 +27,11 @@
 CVE-2009-0491 (Stack-based buffer overflow in Elecard MPEG Player 5.5 build ...)
 	TODO: check
 CVE-2009-0488 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 ...)
-	TODO: check
+	NOT-FOR-US: Phorum
 CVE-2009-0486 (Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls ...)
-	TODO: check
+	- bugzilla <unfixed> (bug #514143)
+        [etch] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
+        [lenny] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
 CVE-2009-0485 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to ...)
 	TODO: check
 CVE-2009-0484 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before ...)
@@ -488,8 +490,6 @@
 	- squid3 3.0.STABLE8-3 (medium)
 	[etch] - squid <not-affected> (Vulnerable code not present)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_1.txt
-CVE-2009-XXXX [bugzilla: Insufficiently Random Numbers]
-	- bugzilla <unfixed> (bug #514143)
 CVE-2009-XXXX [bugzilla: Abuse of Functionality (Attachments)]
 	- bugzilla <unfixed> (bug #514143)
 CVE-2009-XXXX [bugzilla: Cross-Site Request Forgery (2x)]